The celebratory confetti has barely settled on the campaign office floor, but in the age of patches, hacks, and cyberattacks, the nation’s attention has shifted to how President-elect Donald Trump will manage U.S. privacy and data security issues.
During the campaign, Mr. Trump did not extensively outline a cybersecurity plan, but from the information provided on his website, the administration will likely construct strong government cybersecurity policies both defensively and offensively. His website provides the following cybersecurity agenda:
- “Order an immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure, by a Cyber Review Team of individuals from the military, law enforcement, and the private sector.
- Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
- Order the Secretary of Defense and Chairman of the Joint Chiefs of Staff to provide recommendations for enhancing U.S. Cyber Command, with a focus on both offense and defense in the cyber domain.
- Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately.”
The website details that the Cyber Review Team will:
- “The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats, and will follow up regularly at various Federal agencies and departments.
- The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.”
Applying the Cybersecurity Plan
Securing national infrastructure is a top priority for Mr. Trump. During a speech on October 3, 2016, to the Retired American Warriors PAC, then candidate Trump said, “[t]o truly make America safe, we must make cybersecurity a major priority” which includes both the government and the private sector. He intends to “order a thorough review of our cyber defenses and weaknesses” including infrastructure. During his Presidential acceptance speech on November 9, 2016, he reiterated his intention to secure national infrastructure.
The importance of a secure national infrastructure was demonstrated last month when a distributed denial of service (DDoS) attack disrupted service providers like Amazon and Netflix, bringing renewed attention to the dangerousness of vulnerable internet of things (IoT) devices. Similarly, recent accusations regarding cybersecurity weaknesses in St. Jude’s medical devices and the Yahoo breach (which Yahoo insists was committed by a state actor) implicates a number of IoT cybersecurity threats that the Trump Cyber Review Team will likely focus on during the first 100 days.
In crafting policies surrounding these and other cybersecurity issues, Mr. Trump will likely take a strong pro-law enforcement approach. Mr. Trump’s predilection for exhausting resources to support law enforcement efforts was front and center at the October 3, 2016 speech when he said, “the United States must develop the ability – no matter how difficult – to track down and incapacitate those responsible…[t]his is the warfare of the future, America’s dominance in this arena must be unquestioned.”
You Are the Company You Keep
Trump’s partnerships with both political and non-political figures offer additional insight into his cybersecurity plans. Vice President-elect Mike Pence and former New York mayor Rudy Giuliani were both key players during the Trump campaign and they both come with cybersecurity experience; supporting the likelihood that the Trump administration will draft thoughtful and comprehensive cybersecurity policies.
Earlier this year Indiana Governor Pence, announced the formation of the Indiana State Executive Council on Cybersecurity. The council is described as a “comprehensive public-private partnership charged with enhancing Indiana’s ability to prevent, respond to and recover from all types of cybersecurity issues.” The council includes input from both public and private partners, which is an increasingly important strategy in the fight against cyber-crime.
Rudy Giuliani, who joined Mr. Trump on stage on election night, remains a key player in forming the Trump agenda. In addition to his time in public office, Giuliani brings significant cybersecurity experience. In 2001, Giuliani founded security consulting company, Guiliani Partners LLC, and he is currently touted as the chair of the “Cybersecurity, Privacy and Crisis Management Practice” at a large international law firm.
As a political outsider himself, Mr. Trump found support from other non-political figures including Peter Thiel, a co-founder of PayPal Holdings Inc., an early investor in Facebook Inc., and a major investor in the tech industry. Thiel’s strong presence during the campaign will likely continue through the presidency, indicating the administration will be aware and sensitive to emerging technologies and associated cybersecurity risks.
Insight into the tech industry will help the Trump administration as it works to fill vacancies at several agencies. One of these vacancies includes replacing the chairman at the Federal Communications Commission (FCC). Mr. Trump once described the Net Neutrality rules as a “power grab” so it is likely that the next FCC chairman will take a deregulatory approach. This could mean big changes for the newly passed broadband privacy rules, Title II common carrier regulations, telecom policy and Commissioner Clyburn’s interest in eliminating mandatory arbitration clauses. As to other regulatory and compliance concerns, including HIPAA and the EU-U.S. Privacy Shield, there will be an adjustment period between administrations, but it is unlikely that Trump administration will entirely obstruct or block these policies.
Trump’s campaign speech described his plan as the beginning of the discussion on how to “gain a critical security edge in the 21st century.” But only after he takes office will we see his policies develop to navigate difficult national cybersecurity issues and meet the needs of the constantly evolving cyber threat.